Unable to resolve Azure private DNS in Custom DNS enabled Vnet

Melvin Williams 20 Reputation points
2023-12-06T17:14:15.2166667+00:00

I have configured Windows AD DS servers in a virtual network and set them as custom DNS servers for the spoke VNet. I have also configured private endpoints for Azure file shares in the same VNet. The network architecture is a hub-and-spoke model. All the virtual machines are deployed in the spoke network and the route table is set with the next hop as the Palo Alto firewall in the hub network. Whenever I try to access the file shares, DNS resolution fails. Azure Backup configuration for databases inside the virtual machines also fails due to the DNS resolution issue.

If I remove the route table, everything works without any issue. Do I need to open any specific firewall rules in Palo Alto?

Thanks in Advance


Accepted answer
    GitaraniSharma-MSFT 49,256 Reputation points Microsoft Employee
    2023-12-07T06:25:36.2166667+00:00

    Hello @Melvin Williams ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    Could you please share the below details:

    From where are you trying to access the Azure File shares? From the post title, it seems like you are trying to resolve the Azure private DNS in Custom DNS enabled Vnet, but you mentioned that all the virtual machines are deployed in spoke network. So, could you please clarify?

    Also, is the Custom DNS enabled Vnet linked to the Azure Private DNS zone?

    If you're using a private endpoint in a hub-and-spoke model from a different subscription or even within the same subscription, link the same private DNS zones to all spokes and hub virtual networks that contain clients that need DNS resolution from the zones.

    Refer: https://video2.skills-academy.com/en-us/azure/private-link/private-endpoint-dns-integration#virtual-network-workloads-without-custom-dns-server

    What is the route added to the route table? Is it a default route of 0.0.0.0/0? If the hub and spoke VNets are peered, then why is a route table added? The hub will learn the spoke routes automatically.

    If a route table is added, then for which destination is it added?

    If you are accessing the Azure File share from your on-premises machine via VPN, then are you using a DNS forwarder?

    Refer: https://video2.skills-academy.com/en-us/azure/storage/files/storage-files-networking-dns

    In case of issues, without removing the UDR, try to resolve the FQDN of your Azure file share using nslookup or Resolve-DnsName command and share the result.

    Refer: https://video2.skills-academy.com/en-us/troubleshoot/azure/azure-storage/files-troubleshoot?tabs=powershell#check-dns-name-resolution

    Also, try to check the TCP connectivity to your file share using the Test-NetConnection command.

    Refer: https://video2.skills-academy.com/en-us/troubleshoot/azure/azure-storage/files-troubleshoot?tabs=powershell#check-tcp-connectivity

    NOTE: Run the above commands without removing the UDR and share the results for further investigation.

    You linked the private DNS zone to the hub network and the issue was resolved. You are now able to access the Azure File shares.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
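The checks the accepted answer asks for (DNS servers in use, Resolve-DnsName on the file share FQDN, Test-NetConnection on TCP 445) can be run together from a spoke VM as one script. The following is an added example written for this page, not code from the thread or from Microsoft; the storage account name is a placeholder, and it assumes the file share private endpoint should resolve to an RFC 1918 address. Run it without removing the UDR, as the answer advises, so the output reflects the failing path.

```powershell
# Added diagnostic script (not from the original thread). Run on a spoke VM
# with the UDR still in place.
# Assumptions: $StorageAccount is a placeholder; a working private endpoint plus
# a linked privatelink.file.core.windows.net zone yields a private (RFC 1918) IP.

param(
    [string]$StorageAccount = 'mystorageaccount'   # placeholder, replace with your account
)

$fqdn = "$StorageAccount.file.core.windows.net"

function Test-IsPrivateIPv4 {
    param([string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
    return ($bytes[0] -eq 10) -or
           ($bytes[0] -eq 172 -and $bytes[1] -ge 16 -and $bytes[1] -le 31) -or
           ($bytes[0] -eq 192 -and $bytes[1] -eq 168)
}

# 1. Which DNS servers is this VM actually using? With custom DNS set on the
#    VNet these should be the AD DS servers, not Azure's 168.63.129.16.
Write-Host "DNS servers in use:"
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize

# 2. Resolve the file share FQDN. A private IP means the private endpoint and
#    zone link work. A public IP means the private DNS zone is not linked to the
#    VNet the DNS server lives in (or the AD DS servers do not forward to Azure
#    DNS). A failure means there is no resolution path at all, e.g. the
#    forwarder traffic is dropped on the UDR/firewall path.
try {
    $records  = Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop
    $aRecords = $records | Where-Object { $_.Type -eq 'A' }
    foreach ($r in $aRecords) {
        $kind = if (Test-IsPrivateIPv4 $r.IPAddress) {
                    'PRIVATE (private endpoint)'
                } else {
                    'PUBLIC (zone not linked / not forwarded)'
                }
        Write-Host ("{0} -> {1}  [{2}]" -f $fqdn, $r.IPAddress, $kind)
    }
    # The CNAME chain should pass through privatelink.file.core.windows.net
    $records | Where-Object { $_.Type -eq 'CNAME' } | ForEach-Object {
        Write-Host ("CNAME: {0} -> {1}" -f $_.Name, $_.NameHost)
    }
}
catch {
    Write-Host "DNS resolution of $fqdn FAILED: $($_.Exception.Message)"
    Write-Host "Check that the AD DS servers can reach Azure DNS (168.63.129.16) via the UDR/firewall path."
}

# 3. TCP 445 reachability, independent of name resolution. If DNS now answers
#    but 445 is blocked, the remaining problem is a firewall rule, not DNS.
$tcp = Test-NetConnection -ComputerName $fqdn -Port 445 -WarningAction SilentlyContinue
$state = if ($tcp.TcpTestSucceeded) { 'OK' } else { 'BLOCKED' }
Write-Host ("TCP 445 to {0} ({1}): {2}" -f $fqdn, $tcp.RemoteAddress, $state)
```

Reading the output the way the answer suggests: a private IP plus a successful 445 test means DNS and the data path are fine; a public IP points at the private DNS zone link (which is what resolved this thread once the zone was linked to the hub network where the DNS servers sit); a resolution failure with the UDR in place points at DNS forwarding traffic being dropped on the way to the firewall.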
